<?php
	include("HTML_top.php");
	include("header.php");
?>

<?php

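// PushPin detail page: applies an optional like / unlike / comment action for the
// logged-in user, then renders the pin, its tags, its likes and its comments.
//
// Security-relevant handling in this block:
//  * Every value that reaches SQL (request parameters AND the session e-mail) goes
//    through mysql_real_escape_string(); the original left the e-mail values raw.
//  * Every value that reaches HTML (database rows and request data) goes through
//    htmlspecialchars() with ENT_QUOTES, so stored text cannot break out of the
//    element or attribute it is printed into.
//
// NOTE(review): the like/unlike actions are state changes triggered by plain GET
// links and the comment form carries no anti-CSRF token; fixing that needs a token
// issued and checked elsewhere, so it is only flagged here.
// NOTE(review): the mysql_* extension was removed in PHP 7. The durable fix is
// prepared statements (mysqli/PDO), which requires changing conn.php as well.

// The three key parameters must be present and must be plain strings
// (a request such as ?email[]=x would otherwise deliver an array).
$pinRequested = isset($_GET['email'], $_GET['title'], $_GET['url'])
	&& is_string($_GET['email'])
	&& is_string($_GET['title'])
	&& is_string($_GET['url']);

if ($pinRequested)
{
	include("conn.php");
	connectToDB();

	$email = $_GET['email'];
	$title = $_GET['title'];
	$url = $_GET['url'];

	// Identity of the acting user; empty string when no user is in the session.
	$me = (isset($_SESSION['user']['email']) && is_string($_SESSION['user']['email']))
		? $_SESSION['user']['email']
		: '';

	// SQL-escaped copies. mysql_real_escape_string() uses the same default link as
	// the mysql_query() calls below, so it must run after connectToDB().
	// NOTE(review): confirm conn.php sets the connection charset with
	// mysql_set_charset(); escaping is only charset-aware when it does.
	$meSql = mysql_real_escape_string($me);
	$emailSql = mysql_real_escape_string($email);
	$titleSql = mysql_real_escape_string($title);
	$urlSql = mysql_real_escape_string($url);

	// URL-encoded query string identifying this pin, reused by every link below.
	// '&amp;' is the HTML-attribute spelling of '&'; the resolved URL is unchanged.
	$boardQuery = 'email=' . urlencode($email) . '&amp;title=' . urlencode($title);
	$pinQuery = $boardQuery . '&amp;url=' . urlencode($url);

	// Writes are attributed to the session user, so skip them when there is none.
	// NOTE(review): header.php may already enforce login; this guard is defensive.
	if ($me !== '')
	{
		if (isset($_GET['like']))
		{
			mysql_query("INSERT INTO user_likes VALUES ('$meSql', '$emailSql', '$titleSql', '$urlSql')");
		}

		if (isset($_GET['unlike']))
		{
			mysql_query("DELETE FROM user_likes WHERE liker='$meSql' AND email='$emailSql' AND title='$titleSql' AND url='$urlSql';");
		}

		if (isset($_POST['comment']) && is_string($_POST['comment']))
		{
			$commentSql = mysql_real_escape_string($_POST['comment']);
			mysql_query("INSERT INTO comment VALUES ('$meSql', '$emailSql', '$titleSql', '$urlSql', CURRENT_TIMESTAMP, '$commentSql')");
		}
	}

	$q = mysql_query("
SELECT u.name, p.modified, c.title, p.url, p.description
FROM 
(
user AS u INNER JOIN corkboard AS c ON u.email=c.email
	INNER JOIN pushpin AS p ON c.title=p.title AND c.email=p.email
) 
WHERE p.email='$emailSql' AND p.title='$titleSql' AND p.url='$urlSql';
	");

	// A failed query (false) is treated the same as "no such pin".
	if ($q !== false && mysql_num_rows($q) > 0) // PP exists
	{
		$r = mysql_fetch_array($q);
		$isOwner = ($me !== '' && $email === $me);

		// NOTE(review): htmlspecialchars() relies on PHP's default charset here;
		// confirm it matches the encoding the page declares in HTML_top.php.
		echo htmlspecialchars($r['name'], ENT_QUOTES);

		if ($isOwner)
		{
			echo ' (you)';
		}
		else
		{
			$f = mysql_query("SELECT * FROM user_follows WHERE follower='$meSql' AND followed='$emailSql'");
			if ($f === false || mysql_num_rows($f) == 0)
				echo ' <a href="index.php?follow=' . urlencode($email) . '&amp;name=' . urlencode($r['name']) . '">(follow)</a>';
			else
				echo ' <a href="index.php?unfollow=' . urlencode($email) . '&amp;name=' . urlencode($r['name']) . '">(unfollow)</a>';
		}

		echo '<hr/>';

		// url and description are user-supplied rows; escape them for the attribute
		// and text contexts they are printed into.
		$descriptionHtml = htmlspecialchars($r['description'], ENT_QUOTES);
		echo '<img src="' . htmlspecialchars($r['url'], ENT_QUOTES) . '" alt="' . $descriptionHtml . '" style="border:0;margin:10px;" width="750" />';

		echo '<p>' . $descriptionHtml . '</p>';

		echo '<p><i>Pinned ' . date('g:i A F j, Y', strtotime($r["modified"])) . ' on <a href="corkboard.php?' . $boardQuery . '">' . htmlspecialchars($title, ENT_QUOTES) . '</a>';

		if ($isOwner)
			echo '<br/><a href="corkboard.php?' . $boardQuery . '&amp;delurl=' . urlencode($url) . '">Delete this PushPin</a>';

		echo '</i></p>';

		$t = mysql_query("
		SELECT tag
		FROM 
		(
		user AS u INNER JOIN corkboard AS c ON u.email=c.email
			INNER JOIN pushpin AS p ON c.title=p.title AND c.email=p.email
			INNER JOIN pushpin_tags AS pt ON pt.url=p.url AND pt.email=p.email
											AND pt.title=p.title
		)
		WHERE p.email='$emailSql' AND p.title='$titleSql' AND p.url='$urlSql';
		");

		echo '<p><b>Tags: </b>';

		// Collect first, then join: avoids reading a row that does not exist when
		// the pin has no tags.
		$tagsHtml = array();
		while ($t !== false && ($tr = mysql_fetch_array($t)))
		{
			$tagsHtml[] = htmlspecialchars($tr['tag'], ENT_QUOTES);
		}
		echo implode(', ', $tagsHtml);

		echo '</p><hr/>';

		echo '<div style="float:left;margin-right:5px;"><img src="like.jpg" alt="Like" border="0" /></div>';

		// The owner gets no Like/Unlike link for their own pin.
		// NOTE(review): the like handler above does not enforce this rule server-side.
		if (!$isOwner)
		{
			$like = mysql_query("SELECT * FROM user_likes WHERE liker='$meSql' AND email='$emailSql' AND title='$titleSql' AND url='$urlSql';");
			if ($like === false || mysql_num_rows($like) == 0)
				echo '<a href="pushpin.php?' . $pinQuery . '&amp;like">Like</a>';
			else
				echo '<a href="pushpin.php?' . $pinQuery . '&amp;unlike">Unlike</a>';
		}
		echo '<br/>';

		$likes = mysql_query("
		SELECT liker, u2.name
		FROM 
		(
		user AS u INNER JOIN corkboard AS c ON u.email=c.email
			INNER JOIN pushpin AS p ON c.title=p.title AND c.email=p.email
			INNER JOIN user_likes AS ul ON p.email=ul.email AND p.title=ul.title
											AND p.url=ul.url
			INNER JOIN user as u2 ON u2.email=ul.liker
		) 
		WHERE p.email='$emailSql' AND p.title='$titleSql' AND p.url='$urlSql';
		");

		$likerNames = array();
		while ($likes !== false && ($likes_r = mysql_fetch_array($likes)))
		{
			$likerNames[] = htmlspecialchars($likes_r['name'], ENT_QUOTES);
		}

		// "A likes this" / "A and B like this" / "A, B, and C like this"
		$likes_n = count($likerNames);
		if ($likes_n == 0)
		{
			echo 'Nobody likes this';
		}
		else if ($likes_n == 1)
		{
			echo $likerNames[0] . ' likes this';
		}
		else if ($likes_n == 2)
		{
			echo $likerNames[0] . ' and ' . $likerNames[1] . ' like this';
		}
		else // >= 3
		{
			$lastLiker = array_pop($likerNames);
			echo implode(', ', $likerNames) . ', and ' . $lastLiker . ' like this';
		}

		echo '<hr/>';

		echo '<p><b>Comments</b></p>';

		$c = mysql_query("
		SELECT com.commenter, u2.name, com.text
		FROM user AS u
		INNER JOIN corkboard AS c ON u.email=c.email
		INNER JOIN pushpin AS p ON c.title=p.title AND c.email=p.email
		INNER JOIN comment AS com ON com.email=p.email AND com.title=p.title AND com.url=p.url
		INNER JOIN user AS u2 ON u2.email=com.commenter
		WHERE com.email='$emailSql' AND com.title='$titleSql' AND com.url='$urlSql'
		ORDER BY com.date DESC;		
		");

		echo '<table border="0" cellpadding="5" cellspacing="0">';
		while ($c !== false && ($cr = mysql_fetch_array($c)))
		{
			echo '<tr>';

			echo '<td class="commentName">';
			echo htmlspecialchars($cr['name'], ENT_QUOTES) . ':';
			echo '</td>';

			// Comment text is stored exactly as posted, so it is escaped on output.
			echo '<td class="commentText">';
			echo htmlspecialchars($cr['text'], ENT_QUOTES);
			echo '</td>';

			echo '</tr>';
		}
		echo '</table>';

		// validate_comment() runs in the browser only; it is not a server-side check.
		echo '<br/><form action="pushpin.php?' . $pinQuery . '" method="post" onsubmit="return validate_comment(this);">';

		echo '<textarea name="comment" cols="50" rows="5"></textarea><br/>';
		echo '<input type="submit" value="Post Comment" />';

		echo '</form>';
	}
	else
	{
		echo 'No such PushPin exists! Maybe it got deleted?';
	}
}
else
{
	echo 'Unspecified PushPin &mdash; you shouldn\'t be here!';
}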

?>

<?php
	include("footer.php");
	include("HTML_bottom.php");
?>
